All our laptops are installed with Websense Endpoint Client which ensures all HTTP/HTTPS traffic is routed to Websense Cloud service whether on corporate LAN, public WiFi or home broadband.
However, we are experiencing an issue with Websense routing after connecting to an SSL VPN using FortiClient to a FortiGate firewall. In certain scenarios, the web browser traffic tries to connect directly to the internet, rather than to Websense servers. See details below:
- Web traffic does proxy correctly on the internal LAN, and it does proxy correctly when on an external network, e.g. home broadband.
- It does proxy correctly when connecting via the VPN WHEN THE BROWSER IS OPENED BEFORE MAKING THE VPN CONNECTION.
- It does NOT proxy if I make the VPN connection first and then open the browser to access the internet. In this scenario, using TCPView, I can see the browser trying to connect directly to websites, which I do not want. I still need this to proxy via Websense, as with all other scenarios.
The fact Websense traffic routes to Websense via the VPN in 1 scenario suggests the traffic is allowed across the VPN and out the corporate firewall unhindered.
I just can’t work out what is different in connecting the web browser first and what is causing the web browser to try and connect to the internet directly… Incidentally, when I manually download the PAC file in this situation, it downloads fine. Wireshark doesn't show much as soon as the VPN is connected, due to encryption I assume.
Any thoughts?